Implementation of Digital Assistants and Privacy Issues

 

Name –  Abhishek Gupta 

College - Symbiosis Law School, Pune 

INTRODUCTION

Using your voice to operate a machine has long been a sci-fi concept, but with the release of the voice assistant "Siri," the use of this software has expanded to include things like cars, smart speakers, smart TVs, and more. The fundamental concept behind software-based voice control is the ability to instruct a specific device to carry out specific tasks. Despite giving machines more functionality, privacy issues have always existed. Since the device is voice activated, it is assumed that it activates on its own and stores data with the software development companies. The intrusive phenomenon of voice assistants is further complicated by smart devices with cameras. Such scenarios necessitate rules and controls to guarantee that the user of the device is in control.

WHAT ARE VIRTUAL ASSISTANTS AND TYPES

Before we move on to the issues of privacy, let us first understand what virtual assistants are and how they function. The main goal of voice-controlled software is to remove the hardware devices such as keyboard and mouse between the user and the device, and make use of voice as the means of control. In the present technological environment, whenever we talk about voice assistants, the names of Siri or Google Assistant come to mind. These assistants are also implemented in cars and household devices. These assistants require saying a catchphrase to activate the voice command function and then the command of the user is followed by it. Since we are talking about virtual assistants, there can be other types of assistants as well1:

- Text: Such assistants are automated chat boxes that give suitable replies based on the text provided by the user. An example of this can be the bot chat boxes that we see on various websites. They are mostly used to assist the person in browsing through the website or contacting a support person.

- Voice: These are the assistants that take voice commands to function. Siri, Alexa and Google Assistant are some of the examples. The implementation of such software is mostly on personal devices such as phones and cars.

-  Image: As the name suggests, these assistants make use of images and physical form of text to give results. Google Lens is one such software that makes use of images. By scanning images, a person can copy text, number, translate text and even find the product by taking a picture of it.

While the categorization of text and image assistants is quite simple, the same cannot be said for voice assistants. All voice solutions cannot be considered voice assistants. For instance, while calling a support service, you may be required to speak a certain option. This is just voice input and is not a voice assistant. To be considered a voice assistant, certain conditions need to be fulfilled such as; there must be voice input of the user to activate the assistant, the assistant should understand the context and give output in a conversational manner, and lastly any command given by the user should be clarified before confirmation.

Now, let us briefly go through the types and uses of these virtual assistants.

-  General Purpose Assistants: These are the assistants that we talked about in the previous section as well. Siri, Alexa and Bixby are such assistants, which allows the user to set alarms, set reminders and so on.

-  In-app voice Assistants: These are different from the primary voice assistants on a device. Many apps integrate their own voice assistants to enhance the search experience. Amazon, Flipkart, Trainman and Bank of America have integrated their assistants in the apps.

-  Stand Alone Assistants: These assistants are developed for special purposes and hence are limited to specific fields of use. Suki and Niki.ai are two such assistants that are used in the medical field.

PRIVACY PROBLEMS AND REGULATIONS

The popularity of smart devices and use of assistants have grown since their launch. As per a report by Activate Forecast2, smart speakers were adopted at a faster rate than smartphones in 2018. In developing markets like India, the adoption has not been at the same pace, but people use voice assistance on their existing mobile devices. The mobile market is huge in India and is expected to grow to 490.9 million users this year.

Despite this increase in number of users, the concerns of privacy are also increasing. There is a risk of spying or hearing conversation of the user by these smart devices. In 20153, Samsung warned the customers to not talk about personal information near their smart TV. Even though these voice assistants only hear at a low level till the command is said, the research from Accenture UK shows that 40% of the users of such smart devices worry about who is listening and how that data is being used. These assistants are built in a way to understand the habits of the user and provide suitable results for every command. The data collected is shared with companies. There have been cases where the data have been hacked remotely and in one case in Germany4, a man was sent 1700 Alexa audio files that belonged to someone else. These files showed the habits, jobs and names of various people.

Such instances call for regulation. For the most part, the data protection for the European Residents is covered by General Data Protection Regulation (GDPR), California Privacy Act (CCPA) and Children’s Online Protection Act (COPPA). In India, the protection is given under Article 21 of the constitution, but a separate legislation for data protection does not exist.

The Information Technology Act of 2000 is the main law in India that addresses the issue of cybercrimes. Only information exchanged using electronic methods is taken into account by the act; non-electronic methods are not. Despite this legislation, adequate data protection could not be achieved. In 2019, the Lok Sabha received a bill pertaining to the protection of personal data, which further talked about processing of personal data, dividing data into various categories, setting obligations of data collectors, safeguarding the government agencies and also providing for offences and penalties.

In October 20125, the Report of the Group of Experts on Privacy was published and was chaired by Justice A.P. Shah. The report provided recommendations for a privacy framework in India. The report also provided 9 national principles of privacy that would apply to both the public and the private sector. The report aimed at matching the protection standards of the EU. The 9 principles include principle of Notice, Choice and Consent, Collection Limitation, Purpose Limitation, Access and Correction, Disclosure of Information, Security, Openness and Accountability.

These principles clearly focus on the aspect of transparency of the information being collected. If any voice assistance service is being provided, then consent of the user is necessary and the terms of use should be clearly provided. Following such principles, Google Assistant, Amazon Alexa and Siri provide instructions to the user and also use their app to take consent from the user. Some apps such as Spotify go as far as having its own voice control policy which provides what is collected and what is done with the voice data.

CONCLUSION

It is inevitable for technology such as voice assistance to not use our voice commands and data to give back suitable results. The results can only be personalised if user habits and data is shared. Despite this necessity, the incidents of voice information getting leaked and the active listening nature of the smart devices create a lot of doubt in users’ minds. We entrust these companies with our data and its protection and when we find that it is getting stored or leaked, then the credibility is lost. Instead of saving the audio files, the search habits of a particular user can be stored for personalization and if any information is being recorded, then consent of the user must be taken. Further, a feature that lets the user remotely activate the assistant using a remote or their smartphone should be developed. This will prevent active listening of conversation of the user and give confidence to the user about their privacy. We are aware of the legislations available globally and recommendations of various committees, and all it needs is a better implementation of these regulations. The policies of the companies must only be approved once such recommendations and guidelines are complied with, and any act against them should be followed by penalties and reformation of the service itself.

REFERENCES

1. Slang Labs, The Comprehensive Guide to Voice Assistants (2022) | Slang Labs, (last visited Jul 2, 2022).

2. Slideshare, https://www.slideshare.net/ActivateInc/activate-tech-media-outlook-2018, (last visited Jul 2, 2022).

3. Robert Bateman, Voice Assistants and Privacy Issues, Terms Feed, (Jul 1, 2022), Voice Assistants and Privacy Issues - TermsFeed.

4. Jo Adetunji, The Dark Side of Alexa, Siri and Other Personal Digital Assistants, The Conversation, (Dec 15, 2019, 01:34 PM GMT), The dark side of Alexa, Siri and other personal digital assistants (theconversation.com).

5. The Centre For Internet & Society, Internet Privacy in India — The Centre for Internet and Society (cis-india.org), (last visited Jul 2, 2022).